prx_auth 1.7.1 → 1.7.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.git-blame-ignore-revs +2 -0
- data/.github/workflows/check-project-std.yml +21 -0
- data/Gemfile +1 -1
- data/Guardfile +5 -5
- data/Rakefile +5 -5
- data/lib/prx_auth/resource_map.rb +33 -35
- data/lib/prx_auth/scope_list.rb +26 -26
- data/lib/prx_auth/version.rb +1 -1
- data/lib/prx_auth.rb +3 -3
- data/lib/rack/prx_auth/auth_validator.rb +6 -7
- data/lib/rack/prx_auth/certificate.rb +9 -11
- data/lib/rack/prx_auth/token_data.rb +12 -12
- data/lib/rack/prx_auth.rb +11 -11
- data/prx_auth.gemspec +22 -23
- data/test/prx_auth/resource_map_test.rb +67 -68
- data/test/prx_auth/scope_list_test.rb +53 -55
- data/test/rack/prx_auth/auth_validator_test.rb +49 -50
- data/test/rack/prx_auth/certificate_test.rb +28 -28
- data/test/rack/prx_auth/token_data_test.rb +43 -43
- data/test/rack/prx_auth_test.rb +23 -23
- data/test/test_helper.rb +7 -7
- metadata +25 -16
@@ -1,109 +1,108 @@
|
|
1
|
-
require
|
1
|
+
require "test_helper"
|
2
2
|
|
3
3
|
describe PrxAuth::ResourceMap do
|
4
|
-
|
5
4
|
def new_map(val)
|
6
5
|
PrxAuth::ResourceMap.new(val)
|
7
6
|
end
|
8
7
|
|
9
8
|
let(:map) { PrxAuth::ResourceMap.new(input) }
|
10
|
-
let(:input) { {
|
9
|
+
let(:input) { {"123" => "admin one two three ns1:namespaced", "456" => "member four five six"} }
|
11
10
|
|
12
|
-
describe
|
13
|
-
it
|
11
|
+
describe "#authorized?" do
|
12
|
+
it "contains scopes in list" do
|
14
13
|
assert map.contains?(123, :admin)
|
15
14
|
end
|
16
15
|
|
17
|
-
it
|
16
|
+
it "does not include across aur limits" do
|
18
17
|
assert !map.contains?(123, :member)
|
19
18
|
end
|
20
19
|
|
21
|
-
it
|
20
|
+
it "does not require a scope" do
|
22
21
|
assert map.contains?(123)
|
23
22
|
end
|
24
23
|
|
25
|
-
it
|
24
|
+
it "does not match if it hasnt seen the resource" do
|
26
25
|
assert !map.contains?(789)
|
27
26
|
end
|
28
27
|
|
29
|
-
it
|
28
|
+
it "works with namespaced scopes" do
|
30
29
|
assert map.contains?(123, :ns1, :namespaced)
|
31
30
|
end
|
32
31
|
|
33
|
-
describe
|
32
|
+
describe "with wildcard resource" do
|
34
33
|
let(:input) do
|
35
34
|
{
|
36
|
-
|
37
|
-
|
38
|
-
|
35
|
+
"*" => "peek",
|
36
|
+
"123" => "admin one two three",
|
37
|
+
"456" => "member four five six"
|
39
38
|
}
|
40
39
|
end
|
41
40
|
|
42
|
-
it
|
41
|
+
it "applies wildcard lists to queries with no matching value" do
|
43
42
|
assert map.contains?(789, :peek)
|
44
43
|
end
|
45
44
|
|
46
|
-
it
|
45
|
+
it "does not scan unscoped for wildcard resources" do
|
47
46
|
assert !map.contains?(789)
|
48
47
|
end
|
49
48
|
|
50
|
-
it
|
51
|
-
assert map.contains?(
|
52
|
-
assert !map.contains?(
|
49
|
+
it "allows querying by wildcard resource directly" do
|
50
|
+
assert map.contains?("*", :peek)
|
51
|
+
assert !map.contains?("*", :admin)
|
53
52
|
end
|
54
53
|
|
55
|
-
it
|
54
|
+
it "treats wildcard lists as additive to other explicit ones" do
|
56
55
|
assert map.contains?(123, :peek)
|
57
56
|
end
|
58
57
|
|
59
|
-
it
|
58
|
+
it "refuses to run against wildcard with no scope" do
|
60
59
|
assert_raises ArgumentError do
|
61
|
-
map.contains?(
|
60
|
+
map.contains?("*")
|
62
61
|
end
|
63
62
|
end
|
64
63
|
end
|
65
64
|
end
|
66
65
|
|
67
|
-
describe
|
68
|
-
let
|
66
|
+
describe "#resources" do
|
67
|
+
let(:input) do
|
69
68
|
{
|
70
|
-
|
71
|
-
|
72
|
-
|
69
|
+
"*" => "read wildcard",
|
70
|
+
"123" => "read write buy",
|
71
|
+
"456" => "read ns1:buy"
|
73
72
|
}
|
74
73
|
end
|
75
74
|
|
76
|
-
let
|
75
|
+
let(:resources) { map.resources }
|
77
76
|
|
78
|
-
it
|
79
|
-
assert resources.include?(
|
80
|
-
assert resources.include?(
|
77
|
+
it "returns resource ids" do
|
78
|
+
assert resources.include?("123")
|
79
|
+
assert resources.include?("456")
|
81
80
|
end
|
82
81
|
|
83
|
-
it
|
84
|
-
assert !resources.include?(
|
82
|
+
it "excludes wildcard values" do
|
83
|
+
assert !resources.include?("*")
|
85
84
|
end
|
86
85
|
|
87
|
-
it
|
86
|
+
it "filters for scope" do
|
88
87
|
resources = map.resources(:write)
|
89
|
-
assert resources.include?(
|
90
|
-
assert !resources.include?(
|
91
|
-
assert !resources.include?(
|
88
|
+
assert resources.include?("123")
|
89
|
+
assert !resources.include?("456")
|
90
|
+
assert !resources.include?("*")
|
92
91
|
end
|
93
92
|
|
94
|
-
it
|
93
|
+
it "works with namespaces" do
|
95
94
|
resources = map.resources(:ns1, :buy)
|
96
|
-
assert resources.include?(
|
97
|
-
assert resources.include?(
|
95
|
+
assert resources.include?("123")
|
96
|
+
assert resources.include?("456")
|
98
97
|
|
99
98
|
resources = map.resources(:buy)
|
100
|
-
assert !resources.include?(
|
99
|
+
assert !resources.include?("456")
|
101
100
|
end
|
102
101
|
end
|
103
102
|
|
104
|
-
describe
|
105
|
-
let
|
106
|
-
let
|
103
|
+
describe "#condense" do
|
104
|
+
let(:input) { {"one" => "one two three ns1:one", "two" => "two three", "three" => "two", "*" => "two"} }
|
105
|
+
let(:json) { map.condense.as_json }
|
107
106
|
|
108
107
|
it "removes redundant values which are in the wildcard" do
|
109
108
|
assert !json["one"].include?("two")
|
@@ -114,30 +113,30 @@ describe PrxAuth::ResourceMap do
|
|
114
113
|
end
|
115
114
|
end
|
116
115
|
|
117
|
-
describe
|
118
|
-
it
|
116
|
+
describe "#+" do
|
117
|
+
it "adds values" do
|
119
118
|
map = new_map("one" => "two", "two" => "four") + new_map("one" => "three", "three" => "six")
|
120
|
-
assert map.contains?(
|
121
|
-
assert map.contains?(
|
119
|
+
assert map.contains?("one", :two) && map.contains?("one", :three)
|
120
|
+
assert map.contains?("two", :four) && map.contains?("three", :six)
|
122
121
|
end
|
123
122
|
end
|
124
123
|
|
125
|
-
describe
|
126
|
-
it
|
124
|
+
describe "#-" do
|
125
|
+
it "subtracts values" do
|
127
126
|
map = new_map("one" => "two three", "two" => "four") - new_map("one" => "three four")
|
128
|
-
assert map.contains?(
|
129
|
-
assert map.contains?(
|
130
|
-
assert !map.contains?(
|
127
|
+
assert map.contains?("one", :two)
|
128
|
+
assert map.contains?("two", :four)
|
129
|
+
assert !map.contains?("one", :three) && !map.contains?("one", :four)
|
131
130
|
end
|
132
131
|
|
133
|
-
it
|
132
|
+
it "works on wildcards on right side of operator" do
|
134
133
|
map = new_map("one" => "two three") - new_map("*" => "two")
|
135
134
|
assert !map.contains?("one", :two)
|
136
135
|
end
|
137
136
|
end
|
138
137
|
|
139
|
-
describe
|
140
|
-
it
|
138
|
+
describe "#&" do
|
139
|
+
it "computes the intersection" do
|
141
140
|
map = (
|
142
141
|
new_map("one" => "two three", "four" => "five six", "five" => "five") &
|
143
142
|
new_map("one" => "three four", "four" => "six seven", "six" => "six")
|
@@ -148,38 +147,38 @@ describe PrxAuth::ResourceMap do
|
|
148
147
|
assert !map.contains?("five", :five) && !map.contains?("six", :six)
|
149
148
|
end
|
150
149
|
|
151
|
-
it
|
152
|
-
map = new_map("*" => "three wild", "one" => "four two"
|
150
|
+
it "works with wildcards" do
|
151
|
+
map = new_map("*" => "three wild", "one" => "four two") & new_map("*" => "two wild", "two" => "three four")
|
153
152
|
assert map.contains?("two", :three) && map.contains?("one", :two)
|
154
153
|
assert !map.contains?("one", :four) && !map.contains?("two", :four)
|
155
154
|
assert map.contains?("*", :wild)
|
156
155
|
end
|
157
156
|
end
|
158
157
|
|
159
|
-
describe
|
160
|
-
it
|
158
|
+
describe "#as_json" do
|
159
|
+
it "does not include wildcard key if list is empty" do
|
161
160
|
map = new_map("foo" => "asdf")
|
162
|
-
refute map.as_json.has_key?(
|
161
|
+
refute map.as_json.has_key?("*")
|
163
162
|
map2 = new_map("foo" => "asdf", "*" => "")
|
164
|
-
refute map2.as_json.has_key?(
|
163
|
+
refute map2.as_json.has_key?("*")
|
165
164
|
end
|
166
165
|
|
167
|
-
it
|
166
|
+
it "includes the wildcard key if the list is not empty" do
|
168
167
|
map = new_map("*" => "asdf")
|
169
|
-
assert map.as_json.has_key?(
|
168
|
+
assert map.as_json.has_key?("*")
|
170
169
|
end
|
171
170
|
end
|
172
171
|
|
173
|
-
describe
|
174
|
-
it
|
172
|
+
describe "#[]" do
|
173
|
+
it "automatically stringifies" do
|
175
174
|
refute_nil map[123]
|
176
175
|
end
|
177
176
|
end
|
178
177
|
|
179
|
-
describe
|
180
|
-
it
|
178
|
+
describe "#[]=" do
|
179
|
+
it "automatically stringifies" do
|
181
180
|
map[789] = PrxAuth::ScopeList.new("")
|
182
181
|
refute_nil map["789"]
|
183
182
|
end
|
184
183
|
end
|
185
|
-
end
|
184
|
+
end
|
@@ -1,139 +1,137 @@
|
|
1
|
-
require
|
1
|
+
require "test_helper"
|
2
2
|
|
3
3
|
describe PrxAuth::ScopeList do
|
4
|
-
|
5
4
|
def new_list(val)
|
6
5
|
PrxAuth::ScopeList.new(val)
|
7
6
|
end
|
8
7
|
|
9
|
-
let
|
10
|
-
let
|
8
|
+
let(:scopes) { "read write sell top-up" }
|
9
|
+
let(:list) { PrxAuth::ScopeList.new(scopes) }
|
11
10
|
|
12
|
-
it
|
13
|
-
assert list.contains?(
|
11
|
+
it "looks up successfully for a given scope" do
|
12
|
+
assert list.contains?("write")
|
14
13
|
end
|
15
14
|
|
16
|
-
it
|
15
|
+
it "scans for symbols" do
|
17
16
|
assert list.contains?(:read)
|
18
17
|
end
|
19
18
|
|
20
|
-
it
|
19
|
+
it "handles hyphen to underscore conversions" do
|
21
20
|
assert list.contains?(:top_up)
|
22
21
|
end
|
23
22
|
|
24
|
-
it
|
23
|
+
it "fails for contents not in the list" do
|
25
24
|
assert !list.contains?(:buy)
|
26
25
|
end
|
27
26
|
|
28
|
-
describe
|
29
|
-
let
|
27
|
+
describe "with namespace" do
|
28
|
+
let(:scopes) { "ns1:hello ns2:goodbye aloha 1:23" }
|
30
29
|
|
31
|
-
it
|
30
|
+
it "works for namespaced lookups" do
|
32
31
|
assert list.contains?(:ns1, :hello)
|
33
32
|
end
|
34
33
|
|
35
|
-
it
|
34
|
+
it "fails when the wrong namespace is passed" do
|
36
35
|
assert !list.contains?(:ns1, :goodbye)
|
37
36
|
end
|
38
37
|
|
39
|
-
it
|
38
|
+
it "looks up global scopes when namespaced fails" do
|
40
39
|
assert list.contains?(:ns1, :aloha)
|
41
40
|
assert list.contains?(:ns3, :aloha)
|
42
41
|
end
|
43
42
|
|
44
|
-
it
|
43
|
+
it "works with non-symbol namespaces" do
|
45
44
|
assert list.contains?(1, 23)
|
46
45
|
end
|
47
46
|
end
|
48
47
|
|
49
|
-
describe
|
50
|
-
let
|
51
|
-
it
|
48
|
+
describe "#condense" do
|
49
|
+
let(:scopes) { "ns1:foo foo ns1:bar" }
|
50
|
+
it "removes redundant scopes based on namespace wildcards" do
|
52
51
|
assert list.condense.to_s == "foo ns1:bar"
|
53
52
|
end
|
54
53
|
end
|
55
54
|
|
56
|
-
describe
|
57
|
-
it
|
58
|
-
sl = new_list(
|
59
|
-
assert sl.
|
55
|
+
describe "#-" do
|
56
|
+
it "subtracts scopes" do
|
57
|
+
sl = new_list("one two") - new_list("two")
|
58
|
+
assert sl.is_a? PrxAuth::ScopeList
|
60
59
|
assert !sl.contains?(:two)
|
61
60
|
assert sl.contains?(:one)
|
62
61
|
end
|
63
62
|
|
64
|
-
it
|
65
|
-
sl = new_list(
|
63
|
+
it "works with scope wildcards" do
|
64
|
+
sl = new_list("ns1:one ns2:two") - new_list("one")
|
66
65
|
assert !sl.contains?(:ns1, :one)
|
67
66
|
end
|
68
67
|
|
69
|
-
it
|
70
|
-
sl = new_list(
|
68
|
+
it "accepts nil" do
|
69
|
+
sl = new_list("one two") - nil
|
71
70
|
assert sl.contains?(:one) && sl.contains?(:two)
|
72
71
|
end
|
73
72
|
|
74
|
-
it
|
75
|
-
sl = new_list(
|
76
|
-
assert sl.to_s ==
|
73
|
+
it "maintains dashes and capitalization in the result" do
|
74
|
+
sl = new_list("The-Beginning the-middle the-end") - new_list("the-Middle")
|
75
|
+
assert sl.to_s == "The-Beginning the-end"
|
77
76
|
end
|
78
77
|
|
79
|
-
it
|
80
|
-
sl = new_list(
|
78
|
+
it "dedups and condenses" do
|
79
|
+
sl = new_list("one ns1:two ns2:two one three three") - new_list("ns1:two three")
|
81
80
|
assert_equal sl.length, 2
|
82
|
-
assert_equal sl.to_s,
|
81
|
+
assert_equal sl.to_s, "one ns2:two"
|
83
82
|
end
|
84
83
|
end
|
85
84
|
|
86
|
-
describe
|
87
|
-
it
|
88
|
-
sl = new_list(
|
89
|
-
assert sl.
|
85
|
+
describe "#+" do
|
86
|
+
it "adds scopes" do
|
87
|
+
sl = new_list("one") + new_list("two")
|
88
|
+
assert sl.is_a? PrxAuth::ScopeList
|
90
89
|
assert sl.contains?(:one)
|
91
90
|
assert sl.contains?(:two)
|
92
91
|
end
|
93
92
|
|
94
|
-
it
|
95
|
-
sl = new_list(
|
93
|
+
it "dedups and condenses" do
|
94
|
+
sl = new_list("one ns1:one two") + new_list("two three") + new_list("two")
|
96
95
|
assert_equal sl.length, 3
|
97
|
-
assert_equal sl.to_s,
|
96
|
+
assert_equal sl.to_s, "one two three"
|
98
97
|
end
|
99
98
|
|
100
|
-
it
|
101
|
-
sl = new_list(
|
99
|
+
it "accepts nil" do
|
100
|
+
sl = new_list("one two") + nil
|
102
101
|
assert sl.contains?(:one) && sl.contains?(:two)
|
103
102
|
end
|
104
103
|
end
|
105
104
|
|
106
|
-
describe
|
107
|
-
it
|
108
|
-
sl = (new_list(
|
109
|
-
assert sl.
|
105
|
+
describe "#&" do
|
106
|
+
it "gets the intersect of scopes" do
|
107
|
+
sl = (new_list("one two three four") & new_list("two four six"))
|
108
|
+
assert sl.is_a? PrxAuth::ScopeList
|
110
109
|
assert sl.contains?(:two) && sl.contains?(:four)
|
111
|
-
assert !sl.contains?(:one) && !sl.contains?(:three)
|
110
|
+
assert !sl.contains?(:one) && !sl.contains?(:three) && !sl.contains?(:six)
|
112
111
|
end
|
113
112
|
|
114
|
-
it
|
115
|
-
sl = new_list(
|
113
|
+
it "accepts nil" do
|
114
|
+
sl = new_list("one") & nil
|
116
115
|
assert !sl.contains?(:one)
|
117
116
|
end
|
118
117
|
|
119
|
-
it
|
120
|
-
sl = PrxAuth::ScopeList.new(
|
118
|
+
it "works when either side has non-namespaced values correctly" do
|
119
|
+
sl = PrxAuth::ScopeList.new("foo:bar") & PrxAuth::ScopeList.new("bar")
|
121
120
|
assert sl.contains?(:foo, :bar)
|
122
121
|
refute sl.contains?(:bar)
|
123
122
|
|
124
|
-
sl = PrxAuth::ScopeList.new(
|
123
|
+
sl = PrxAuth::ScopeList.new("bar") & PrxAuth::ScopeList.new("foo:bar")
|
125
124
|
assert sl.contains?(:foo, :bar)
|
126
125
|
refute sl.contains?(:bar)
|
127
126
|
end
|
128
127
|
end
|
129
128
|
|
130
|
-
describe
|
131
|
-
|
132
|
-
it 'is equal when they are functionally equal' do
|
129
|
+
describe "==" do
|
130
|
+
it "is equal when they are functionally equal" do
|
133
131
|
assert_equal PrxAuth::ScopeList.new("foo ns:foo bar ns2:baz"), PrxAuth::ScopeList.new("ns2:baz bar foo")
|
134
132
|
end
|
135
133
|
|
136
|
-
it
|
134
|
+
it "is not equal when they are not functionally equal" do
|
137
135
|
refute_equal PrxAuth::ScopeList.new("foo bar"), PrxAuth::ScopeList.new("foo:bar bar:foo")
|
138
136
|
end
|
139
137
|
end
|
@@ -1,38 +1,38 @@
|
|
1
|
-
require
|
1
|
+
require "test_helper"
|
2
2
|
|
3
3
|
describe Rack::PrxAuth::AuthValidator do
|
4
|
-
let(:app) {
|
5
|
-
let(:auth_validator) { Rack::PrxAuth::AuthValidator.new(token, certificate,
|
4
|
+
let(:app) { proc { |env| env } }
|
5
|
+
let(:auth_validator) { Rack::PrxAuth::AuthValidator.new(token, certificate, "id.local.test") }
|
6
6
|
|
7
|
-
let(:token) {
|
7
|
+
let(:token) { "some.token.foo" }
|
8
8
|
|
9
9
|
let(:iat) { Time.now.to_i }
|
10
10
|
let(:exp) { 3600 }
|
11
|
-
let(:claims) { {
|
11
|
+
let(:claims) { {"sub" => 3, "exp" => exp, "iat" => iat, "token_type" => "bearer", "scope" => nil, "iss" => "id.prx.org"} }
|
12
12
|
let(:certificate) { Rack::PrxAuth::Certificate.new }
|
13
13
|
|
14
|
-
describe
|
15
|
-
it
|
14
|
+
describe "#token_issuer_matches" do
|
15
|
+
it "false if the token is from another issuer" do
|
16
16
|
auth_validator.stub(:claims, claims) do
|
17
17
|
refute auth_validator.token_issuer_matches?
|
18
18
|
end
|
19
19
|
end
|
20
20
|
|
21
|
-
it
|
22
|
-
auth_validator.stub(:issuer,
|
21
|
+
it "is false if the issuer in the validator does not match" do
|
22
|
+
auth_validator.stub(:issuer, "id.foo.com") do
|
23
23
|
refute auth_validator.token_issuer_matches?
|
24
24
|
end
|
25
25
|
end
|
26
26
|
end
|
27
27
|
|
28
|
-
describe
|
29
|
-
it
|
28
|
+
describe "#valid?" do
|
29
|
+
it "is false if token is invalid" do
|
30
30
|
auth_validator.stub(:claims, claims) do
|
31
31
|
refute auth_validator.valid?
|
32
32
|
end
|
33
33
|
end
|
34
34
|
|
35
|
-
it
|
35
|
+
it "is false if the token is nil" do
|
36
36
|
certificate.stub(:valid?, true) do
|
37
37
|
auth_validator.stub(:token, nil) do
|
38
38
|
refute auth_validator.valid?
|
@@ -41,101 +41,100 @@ describe Rack::PrxAuth::AuthValidator do
|
|
41
41
|
end
|
42
42
|
end
|
43
43
|
|
44
|
-
describe
|
45
|
-
|
44
|
+
describe "#expired?" do
|
46
45
|
def expired?(claims)
|
47
46
|
auth_validator.stub(:claims, claims) do
|
48
47
|
auth_validator.expired?
|
49
48
|
end
|
50
49
|
end
|
51
50
|
|
52
|
-
describe
|
51
|
+
describe "with a malformed exp" do
|
53
52
|
let(:iat) { Time.now.to_i }
|
54
53
|
let(:exp) { 3600 }
|
55
54
|
|
56
|
-
it
|
57
|
-
claims[
|
55
|
+
it "is expired if iat + exp are in the past" do
|
56
|
+
claims["iat"] -= 3631
|
58
57
|
|
59
58
|
assert expired?(claims)
|
60
59
|
end
|
61
60
|
|
62
|
-
it
|
63
|
-
claims[
|
61
|
+
it "is not expired if iat + exp are in the future" do
|
62
|
+
claims["iat"] = Time.now.to_i - 3599
|
64
63
|
|
65
64
|
refute expired?(claims)
|
66
65
|
end
|
67
66
|
|
68
|
-
it
|
69
|
-
claims[
|
67
|
+
it "allows a 30s clock jitter" do
|
68
|
+
claims["iat"] = Time.now.to_i - 3629
|
70
69
|
|
71
70
|
refute expired?(claims)
|
72
71
|
end
|
73
72
|
end
|
74
73
|
|
75
|
-
describe
|
74
|
+
describe "with a corrected exp" do
|
76
75
|
let(:iat) { Time.now.to_i - 3600 }
|
77
76
|
let(:exp) { Time.now.to_i + 1 }
|
78
77
|
|
79
|
-
it
|
78
|
+
it "is not expired if exp is in the future" do
|
80
79
|
refute expired?(claims)
|
81
80
|
end
|
82
81
|
|
83
|
-
it
|
84
|
-
claims[
|
82
|
+
it "is expired if exp is in the past (with 30s jitter grace)" do
|
83
|
+
claims["exp"] = Time.now.to_i - 31
|
85
84
|
assert expired?(claims)
|
86
|
-
claims[
|
85
|
+
claims["exp"] = Time.now.to_i - 29
|
87
86
|
refute expired?(claims)
|
88
87
|
end
|
89
88
|
end
|
90
89
|
end
|
91
90
|
|
92
|
-
describe
|
91
|
+
describe "#time_to_live" do
|
93
92
|
def time_to_live(claims)
|
94
93
|
auth_validator.stub(:claims, claims) do
|
95
94
|
auth_validator.time_to_live
|
96
95
|
end
|
97
96
|
end
|
98
97
|
|
99
|
-
it
|
100
|
-
claims[
|
98
|
+
it "returns the ttl without any clock jitter correction" do
|
99
|
+
claims["exp"] = Time.now.to_i + 999
|
101
100
|
assert_equal time_to_live(claims), 999
|
102
101
|
end
|
103
102
|
|
104
|
-
it
|
105
|
-
claims[
|
103
|
+
it "handles missing exp" do
|
104
|
+
claims["exp"] = nil
|
106
105
|
assert_equal time_to_live(claims), 0
|
107
106
|
end
|
108
107
|
|
109
|
-
it
|
110
|
-
claims[
|
111
|
-
claims[
|
108
|
+
it "handles missing iat" do
|
109
|
+
claims["iat"] = nil
|
110
|
+
claims["exp"] = Time.now.to_i + 999
|
112
111
|
assert_equal time_to_live(claims), 999
|
113
112
|
end
|
114
113
|
|
115
|
-
it
|
116
|
-
claims[
|
117
|
-
claims[
|
114
|
+
it "handles malformed exp" do
|
115
|
+
claims["iat"] = Time.now.to_i
|
116
|
+
claims["exp"] = 999
|
118
117
|
assert_equal time_to_live(claims), 999
|
119
118
|
end
|
120
119
|
end
|
121
120
|
|
122
|
-
describe
|
123
|
-
it
|
124
|
-
|
125
|
-
|
126
|
-
|
121
|
+
describe "#decode_token" do
|
122
|
+
it "should return an empty result for a nil token" do
|
123
|
+
auth_validator.stub(:token, nil) do
|
124
|
+
assert auth_validator.decode_token == {}
|
125
|
+
end
|
127
126
|
end
|
128
127
|
|
129
|
-
it
|
130
|
-
|
131
|
-
|
132
|
-
|
128
|
+
it "should return an empty result for an empty token" do
|
129
|
+
auth_validator.stub(:token, "") do
|
130
|
+
assert auth_validator.decode_token == {}
|
131
|
+
end
|
133
132
|
end
|
134
133
|
|
135
|
-
it
|
136
|
-
|
137
|
-
|
138
|
-
|
134
|
+
it "should return an empty result for a malformed token" do
|
135
|
+
auth_validator.stub(:token, token) do
|
136
|
+
assert auth_validator.decode_token == {}
|
137
|
+
end
|
139
138
|
end
|
140
139
|
end
|
141
140
|
end
|